Secure embedded devices by hacking at ESC/EELive!

EE Live!
2014’s organizers have spotlighted several
sessions from the Black Hat Engineering
Summit, its two-day program that
aims to provide attendees with a forum for
the discussion and evaluation of the
latest solutions for securing embedded
systems from threats in today's global
environment.

The Black Hat Engineering Summit will run
on April 2 and 3 as part of EE Live! 2014, which
will be held at the San Jose McEnery
Convention Center March 31 to April 3.
This summit will not only provide
essential information and tools to
electronics professionals but also a
greater understanding of security risks to
the information infrastructures and
computer systems with which they work
every day.

One of the summit’s talks is "Finding and Reversing
Engineering Backdoors in Consumer
Firmware," which will be delivered
by Tactical Network Solutions’s
vulnerability researcher Craig Heffner. He
will examine the most egregious -- and
unfortunately one of the more common --
security violations in both consumer and
business infrastructure: intentional
backdoors put in products by vendors
themselves.

Heffner will discuss the difficulties in
analyzing embedded devices and common
tools/techniques used by reverse engineers
to dissect firmware. Throughout that
process, he will also demonstrate multiple
backdoors in consumer products from
D-Link, Tenda, Trendnet, and 3SVision.
Furthermore, he will explore practical
attack scenarios against the affected
devices and suggest probable reasons for
the existence of these backdoors.

iSEC Partners security engineer Mike Ryan
will lead a talk titled "Bluetooth Smart: Not
Actually That Smart." He’ll start
off by sharing his early work detailing
major protocol flaws that leave user data
unencrypted and unprotected against
attackers. But he will also discuss new
discoveries, including remotely
exploitable vulnerabilities that may
affect devices in your pocket at this very
moment.